Section: .. / Last 20 Files /
| /// File Name: | ane-xsrf.txt | Description:
| ANE CMS version 1 suffers from a cross site request forgery vulnerability. | | Author: | Pratul Agrawal | | File Size: | 2188 | | Last Modified: | Mar 11 11:26:29 2010 | | MD5 Checksum: | 75931499966409c4e4d5bd37b38f2270 |
|
| /// File Name: | ane-xss.txt | Description:
| ANE CMS version 1 suffers from a cross site scripting vulnerability. | | Author: | Pratul Agrawal | | File Size: | 11204 | | Last Modified: | Mar 11 11:25:29 2010 | | MD5 Checksum: | baaa652f16f1938c75702a9aace1a1d5 |
|
| /// File Name: | USN-909-1.txt | Description:
| Ubuntu Security Notice 909-1 - William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11987 | | Related CVE(s): | CVE-2010-0396 | | Last Modified: | Mar 11 11:24:59 2010 | | MD5 Checksum: | 7d4e4c416e8850722bfebfb1f166c1df |
|
| /// File Name: | abton-sql.txt | Description:
| Abton CMS suffers from a remote SQL injection vulnerability. | | Author: | MustLive | | File Size: | 1385 | | Last Modified: | Mar 11 11:24:15 2010 | | MD5 Checksum: | 52f6b36dba1fbd3b137ebb090d43ddf1 |
|
| /// File Name: | dsa-2011-1.txt | Description:
| Debian Linux Security Advisory 2011-1 - William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 7029 | | Related CVE(s): | CVE-2010-0396 | | Last Modified: | Mar 11 11:23:39 2010 | | MD5 Checksum: | c4b2f418358eb264d4bb4d72a3b63d6a |
|
| /// File Name: | MDVSA-2010-060.txt | Description:
| Mandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5924 | | Related CVE(s): | CVE-2010-0639 | | Last Modified: | Mar 10 21:34:20 2010 | | MD5 Checksum: | 414b8437f31d74850426f8a525a3e1e8 |
|
| /// File Name: | cookiemonster_v1.6.zip | Description:
| Cookie Monster is a cookie analysis tool written in Python. Cookie Monster will grab cookies from a host and assign each character a number. This number can be used to perform mathematical calculations on the differences in order to find a pattern and see if cookie prediction is possible. | | Author: | Tom Neaves | | Homepage: | http://www.tomneaves.com/ | | File Size: | 3450 | | Last Modified: | Mar 10 21:31:44 2010 | | MD5 Checksum: | c8965e9b954a6b7684b304c5e80a7dda |
|
| /// File Name: | super-vulns.tgz | Description:
| SUPERAntiSpyware and Super Ad Blocker have almost identical device drivers in order to set up hooks and perform other duties from kernel space. These device drivers suffer from lack of validation of parameters passed from user mode. Additionally, some of the functions accessible from user mode are inherently insecure and lead to easy privilege escalation. All vulnerabilities are applicable to both applications. Proof of concept code included with full advisory. | | Author: | Luka Milkovic | | File Size: | 33557 | | Last Modified: | Mar 10 21:30:19 2010 | | MD5 Checksum: | 3170b366c6223e86743528719242746a |
|
| /// File Name: | joomlaabout-sql.txt | Description:
| The Joomla About component suffers from a remote SQL injection vulnerability. | | Author: | Snakespc | | File Size: | 866 | | Last Modified: | Mar 10 21:27:25 2010 | | MD5 Checksum: | 75053d91412433bd2af46e8bc384850d |
|
| /// File Name: | USN-908-1.txt | Description:
| Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 38935 | | Related CVE(s): | CVE-2010-0408, CVE-2010-0434 | | Last Modified: | Mar 10 21:26:31 2010 | | MD5 Checksum: | c325fa7847fc469032e3592c119cde4f |
|
| /// File Name: | MDVSA-2010-059.txt | Description:
| Mandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 18565 | | Related CVE(s): | CVE-2009-3940 | | Last Modified: | Mar 10 21:26:09 2010 | | MD5 Checksum: | 48a4c84f6d63d9b13bd485a788bc892d |
|
| /// File Name: | secunia-xnviewdicom.txt | Description:
| Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected. | | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4126 | | Related CVE(s): | CVE-2009-4001 | | Last Modified: | Mar 10 21:23:39 2010 | | MD5 Checksum: | 06aae772fe010c07ca5d04fd20ac13e2 |
|
| /// File Name: | excel-codeexec.txt | Description:
| VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The flaw is caused by a memory corruption error when processing malformed "EntExU2" records in an Excel document, which could be exploited by attackers to execute arbitrary code. | | Author: | Nicolas JOLY | | Homepage: | http://www.vupen.com/ | | File Size: | 2681 | | Related CVE(s): | CVE-2010-0257 | | Last Modified: | Mar 10 21:21:05 2010 | | MD5 Checksum: | f66a1be4abfb1a54cae69d7791394e13 |
|
| /// File Name: | ie_iepeers_pointer.rb.txt | Description:
| This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected. | | Author: | Trancer | | Homepage: | http://www.metasploit.com | | File Size: | 4796 | | Related OSVDB(s): | 62810 | | Related CVE(s): | CVE-2010-0806 | | Last Modified: | Mar 10 21:18:10 2010 | | MD5 Checksum: | 148df6b886dc2dbed56a1580848c30f7 |
|
| /// File Name: | phpcityportal-sqlrfi.txt | Description:
| PHPCityPortal suffers from remote file inclusion and SQL injection vulnerabilities. | | Author: | R3d-D3v!L | | File Size: | 1751 | | Last Modified: | Mar 10 21:13:59 2010 | | MD5 Checksum: | b3cf8067188dddf195e8aa0379efcb9a |
|
| /// File Name: | Botan-1.9.4.tgz | Description:
| Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. | | Homepage: | http://botan.randombit.net/ | | Changes: | This version adds a SSLv3/TLSv1.0 implementation, the GOST 34.10-2001 signature scheme, and the XSalsa20 stream cipher. New countermeasures against fault attacks on signature schemes are included. New SIMD optimizations for the IDEA and Noekeon block ciphers are available, and CBC and XTS modes can now make use of cipher implementations that use SIMD. A SQLite-like amalgamation option is now available, making botan very easy to distribute in applications. The dependency on TR1 for ECC has been removed, making ECDSA/ECDH available on Windows and with older compilers. | | File Size: | 3415352 | | Last Modified: | Mar 10 11:10:20 2010 | | MD5 Checksum: | 8ff9f7929b05295e9701adf1c8859a32 |
|
| /// File Name: | gnupg-2.0.15.tar.bz2 | Description:
| GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. | | Homepage: | http://www.gnupg.org | | Changes: | A regression in 2.0.14 which prevented unprotection of new or changed gpg-agent passphrases was fixed. A new command "--passwd" was added. libassuan 2.0 is now used. | | File Size: | 3976879 | | Last Modified: | Mar 10 11:08:27 2010 | | MD5 Checksum: | c1286e85b66349879dc4b760dd83e2f1 |
|
| /// File Name: | fwbuilder-4.0.0.tar.gz | Description:
| Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists. | | Homepage: | http://www.fwbuilder.org | | Changes: | This is a major upgrade. It comes with support for high availability firewall configurations, including heartbeat, vrrpd, keepalived, and conntrackd on Linux, CARP and pfsync on OpenBSD, and PIX failover configuration. It can generate configuration scripts to manage IP addresses, VLAN, bridge, and bonding interfaces on the firewall. Drop-in support for OpenWRT firewall script is now available, as well as experimental integration with IPCOP firewall appliances. The has supports undo and redo of unlimited depth and was generally streamlined and improved. | | File Size: | 5275041 | | Last Modified: | Mar 10 11:03:43 2010 | | MD5 Checksum: | 211788146729375d450756f104441068 |
|
| /// File Name: | anantasoft-xsrf.txt | Description:
| Anantasoft Gazelle CMS suffers from a cross site request forgery vulnerability. | | Author: | Pratul Agrawal | | File Size: | 2808 | | Last Modified: | Mar 10 10:59:29 2010 | | MD5 Checksum: | dad820e563724bc7b8c491876c9048fa |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
